Every OA document's provenance can be verified and traced back to its creator or issuer. This is achieved by embedding an
identityProof property in the document, which serves as a claim for identity. During the verification phase, the claim is checked against external records.
In this guide, we will bind the document issuer's identity to a valid domain name. This domain will be displayed as issuer every time the document is rendered in an OA-compliant decentralized renderer.
- Domain name
- Edit access to your domain's DNS records
- A document store
To bind the domain name to the issuer's identity, you must be able to change the DNS record of the domain name.
Inserting the DNS Record
You will need to add a DNS
TXT record to your domain name. The exact steps to achieve this can be confirmed with your domain registrar, this is usually achieved through your domain registrar or DNS provider's web UI.
While we have provided links to guides on adding DNS
TXT records for some common domain registrars and DNS providers, the steps below is a generic procedure for any DNS provider.
Select a domain name that you will like to associate with your documents. The domain can either be the root domain (e.g.
openattestation.com) or a subdomain (e.g.
issuer.openattestation.com). Using the root domain is recommended as it will be easier for viewers of your documents to recognize visually.
Within your domain registrar or DNS provider's web UI, insert a
TXT record into the DNS in the following format:
|TXT||example.com||"openatts net=ethereum netId=3 addr=|
<DOCUMENT_STORE_ADDRESS> in the
Value field above is the document store smart contract address obtained. Please note that the document store address needs to be prepended with
The quotes around the value are necessary. They are used to delimit each different records that you might have to be bound to the same domain.
An example of a valid DNS
TXT record is as shown:
|TXT||demo.openattestation.com||"openatts net=ethereum netId=3 addr=0xED2E50434Ac3623bAD763a35213DAD79b43208E4"|
netId corresponds to the network ID for the different Ethereum networks. We generally use only the following networks:
|Ethereum Testnet Ropsten|
|Ethereum Testnet Rinkeby|
For more information on switching to production mode, refer to the Additional Note for Identity Proof in Production section below.
Testing the DNS Record
The DNS propagation should take a few minutes, though in some cases you may need to wait up to 24 hours. Continue with the other parts of the guide while waiting for DNS to propagate.
After adding the
TXT record, we recommend you to check that the record has been inserted correctly by viewing with Google DNS. Make sure to select
TXT in the RR Type dropdown.
Additional Note for Identity Proof in Production
TXT record above is for use for documents issued on the Ethereum
ropsten network. To bind the identity in production where your documents are issued in the Ethereum
mainnet network, you will have to change
An example of a valid
TXT record for Ethereum
mainnet network is as shown:
|TXT||demo.openattestation.com||"openatts net=ethereum netId=1 addr=0x9db35C07350e9a16C828dAda37fd9c2923c75812"|
Additional Note for Adding DNS
Below is a list of guides provided by some of the common domain registrars and DNS providers. This list is by no means comprehensive.